Categories: Ransom

ML/PE-A + Mal/Ransom-DU removal

The ML/PE-A + Mal/Ransom-DU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Mal/Ransom-DU virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (8 unique times)
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a copy of itself
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

myexternalip.com
hotbizlist.com
sofiehughesphotography.com
www.hugedomains.com
crl.pki.goog
ocsp.pki.goog
crls.pki.goog
ocsp.digicert.com
goedkoop-weekendjeweg.net
coatesarchitecture.com
adamhughes.in
magaz.mdoy.pro
apps.identrust.com
crl.identrust.com
x1.c.lencr.org

How to determine ML/PE-A + Mal/Ransom-DU?



File Info:

crc32: C2EDA713md5: 2cb4601bd7a15d52033fe3d8371f746bname: 2CB4601BD7A15D52033FE3D8371F746B.mlwsha1: 54fe1cbfb9f35354842cc0aa9fec4811a3be37afsha256: 01fed6e6691ae0742afbc2ab98fc4686d1338f407989ec67d850242a2d250d5fsha512: b27d39b5a86e2f3a059d33671d98bfd2d8cd50536ad2ed991e158cc11c98ff80944575e03b8f950e2036c3ea2ae8c1f146bd014cdae722413d4cc2a82448514fssdeep: 6144:U9sq3/nJPBQIzRXHid9JjKBT6thynKWRqyKP40rHPqSPOd7Mpr:UtPLXHiwT6SnN8Pbyodtype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileVersion: 7.1aCompanyName: TrueCrypt FoundationLegalTrademarks: TrueCryptProductName: TrueCryptProductVersion: 7.1aFileDescription: TrueCryptOriginalFilename: TrueCrypt.exeTranslation: 0x0409 0x04b0

ML/PE-A + Mal/Ransom-DU also known as:

Bkav W32.FamVT.RazyNHmC.Trojan
K7AntiVirus Trojan ( 004d976f1 )
Lionic Trojan.Win32.Bitman.j!c
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Panda.8087
Cynet Malicious (score: 100)
CAT-QuickHeal Worm.Dorkbot.WR4
Cylance Unsafe
Zillya Trojan.Bitman.Win32.653
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Ransom:Win32/Tescrypt.de41f73c
K7GW Trojan ( 004d976f1 )
Cybereason malicious.bd7a15
Baidu Win32.Trojan.Kryptik.td
Cyren W32/Agent.XL.gen!Eldorado
Symantec Ransom.TeslaCrypt!g2
ESET-NOD32 a variant of Win32/Kryptik.EINY
Zoner Trojan.Win32.37290
APEX Malicious
Avast Win32:TeslaCrypt-B [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Lethic.Gen.13
NANO-Antivirus Trojan.Win32.Panda.dzhwey
ViRobot Trojan.Win32.R.Agent.304640.L
MicroWorld-eScan Trojan.Lethic.Gen.13
Tencent Malware.Win32.Gencirc.10c4f03e
Ad-Aware Trojan.Lethic.Gen.13
Sophos ML/PE-A + Mal/Ransom-DU
Comodo TrojWare.Win32.Ransom.Tescrypt.V@6a57bc
F-Secure Heuristic.HEUR/AGEN.1115790
BitDefenderTheta Gen:NN.ZexaF.34790.sC0@aO4i6yki
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_HPEPING.SM
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh
FireEye Generic.mg.2cb4601bd7a15d52
Emsisoft Trojan.Lethic.Gen.13 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Yakes.ahps
Avira HEUR/AGEN.1115790
Antiy-AVL Trojan/Generic.ASMalwS.1617C94
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Ransom:Win32/Tescrypt.D
Arcabit Trojan.Lethic.Gen.13
SUPERAntiSpyware Trojan.Agent/Gen-Malagent
GData Trojan.Lethic.Gen.13
AhnLab-V3 Trojan/Win32.Upbot.C1313884
Acronis suspicious
McAfee GenericRXEY-AB!2CB4601BD7A1
MAX malware (ai score=100)
VBA32 Hoax.Bitman
Malwarebytes Malware.AI.1842534263
Panda Trj/Downloader.WKR
TrendMicro-HouseCall TROJ_HPEPING.SM
Rising Trojan.Generic@ML.88 (RDML:mJlUP+1ZrA0a0Z+YB71B5g)
Yandex Trojan.GenAsa!CZoQ8HRK/Jo
Ikarus Trojan-Ransom.TeslaCrypt
Fortinet W32/Kryptik.EIWS!tr
AVG Win32:TeslaCrypt-B [Trj]
Paloalto generic.ml
Qihoo-360 Win32/Ransom.Tescrypt.HwoCEpsA

How to remove ML/PE-A + Mal/Ransom-DU?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: adamhughes.inapps.identrust.comcoatesarchitecture.comcrl.identrust.comcrl.pki.googcrls.pki.googgoedkoop-weekendjeweg.nethotbizlist.commagaz.mdoy.proML/PE-A + Mal/Ransom-DUmyexternalip.comocsp.digicert.comocsp.pki.googsofiehughesphotography.comTrueCrypt.exewww.hugedomains.comx1.c.lencr.org
3 years ago

Recent Posts

Should I remove “MSILHeracles.160333”?

The MSILHeracles.160333 is considered dangerous by lots of security experts. When this infection is active,…

19 mins ago

Backdoor:Win32/Y3KRatpro.0_2 removal

The Backdoor:Win32/Y3KRatpro.0_2 is considered dangerous by lots of security experts. When this infection is active,…

24 mins ago

Win32/Injector_AGen.ABF removal

The Win32/Injector_AGen.ABF is considered dangerous by lots of security experts. When this infection is active,…

29 mins ago

Trojan.ZbotRI.S28718216 information

The Trojan.ZbotRI.S28718216 is considered dangerous by lots of security experts. When this infection is active,…

29 mins ago

Trojan:Win32/CryptInject!pz removal guide

The Trojan:Win32/CryptInject!pz is considered dangerous by lots of security experts. When this infection is active,…

30 mins ago

How to remove “W32/Autorun-BFG”?

The W32/Autorun-BFG is considered dangerous by lots of security experts. When this infection is active,…

35 mins ago